New Security Issue in VB?

Well I see this went of at a complete tangent.

 

It fattened my ignore list nicely. The forum is quite pleasant to be on now.

 

How can a forum be pleasant, when you see no posts.

Oops ok. Maybe you'll see mine. But then again, because I was being sarcastic, you'll put me on your ignore list too.

Scott

 

Just so I can be certain. The second paragraph wasn't refering to me too, right?

Thanks for the compliment in the fist paragraph.

Scott

 

This happened in one of my forums. The /install was still there and they created an admin user. Same no ip registered. They dropped a 404.php file and a shell2.php file on the forum folder.

 

This is the saddest part of it. It was really disappointing to see him put a certain coder ahead of paying license holders the other day. Very unprofessional.

 

link? .. for science

 

Shouldn't you be trying to make vB5 useable rather then trolling forums? Oh wait... vB5 will never be usable.. Carry on sailing on the quickly sinking vessel known as IB, don't expect a life preserver from us.

 

Do ALL threads at AdminTalk degenerate into playground insults?

 

It happened to me too on vb3 and vb4

 

@NotoriousMK when this happened to you did you still have the /install folder in the root or had you removed it before it happened?

 

Well lets see, did this help to bring it back on track? or lather the slippery slope more?

 

I didn't receive an email from vBulletin notifying me about this exploit until yesterday. A week later, not bad at all.

 

You would have seen a note at the very top of your AdminCP the day the vulnerability was identified had you logged in. Most forum owners will do that pretty much every day...

You might also be interested in this mod released today: AdminCP News as Posts or PMs by BOP5 (Get your Admin CP News PMed to you!) for 4.x and AdminCP News as Posts or PMs by BOP5 (Get your Admin CP News PMed to you!) VB3 for 3.x.

 

I knew about the exploit because I visit vBcom and other webmaster forums daily, not everybody logs into their ACP everyday, I visit my forum everyday, but I don't get into ACP unless I have something specific to do (maybe two or three times a week); but that's not really the point... any company with an ounce of professionalism would notify their clients about a security issue via email and fast, not wait a week to do it.

Thanks for the mod link btw.

 

Having it appear in your ACP can be done almost instantly. Logging in just to check for news only takes a couple of seconds...

 

Again, not really the point. I keep up to date with everything, but not everybody can do it or knows how to do it. A responsible company would make sure to reach as many of their customers as possible and not assume that everybody logs into ACP to check the news or visits their support forums everyday.